Network
=======
Office network
--------------
For the network infrastructure at the office, we're using UniFi equipment:
- UniFi Switches
- UniFi Security Gateway
- UniFi Access Points
UniFi Cloud Key
~~~~~~~~~~~~~~~
To manage the UniFi devices, use the dedicated UniFi controller, or rather the UniFi Cloud Key.
.. seealso::
   Check out the :ref:`Dashboard` for the «UniFi Cloud Key» link.
LAN
---
We're using ``10.0.0.0/8`` for our private network ranges.
Physical networks
~~~~~~~~~~~~~~~~~
All physical networks are assigned IPs from the ``10.0.0.0/12`` subnet.
To see the network subnets, check out the :ref:`UniFi Cloud Key`:
- ``Settings`` → ``Networks`` (VLANs)
- ``Settings`` → ``VPN`` → ``Site-to-Site VPN`` → ``{VPN}`` → ``Subnet``
Docker networks
~~~~~~~~~~~~~~~
All Docker networks are assigned IPs from the ``10.16.0.0/12`` subnet:
+------------------+---------------------------------+
| Subnet           | Usage                           |
+==================+=================================+
| ``10.16.0.0/16`` | Default Docker bridge           |
+------------------+---------------------------------+
| ``10.17.0.0/16`` | :ref:`Proxy` network            |
+------------------+---------------------------------+
| ``10.18.0.0/16`` | Compose project bridge networks |
+------------------+---------------------------------+
Office LAN IPs
~~~~~~~~~~~~~~
The office LAN IPs are managed in the :ref:`UniFi Cloud Key`.
Server LAN IPs
~~~~~~~~~~~~~~
The server LAN IPs are managed in :ref:`Ansible`.
.. hint::
   You can use the ``create_host_list.yml`` playbook to create a ``host_list.txt`` file containing all host IPs.
Firewalls
~~~~~~~~~
To protect our network, we're using firewalls.
Check out the :ref:`Firewall` chapter for more information.
VPNs
~~~~
To interconnect our networks and to access them remotely, we're using VPNs.
Check out the :ref:`VPN` chapter for more information.
WAN
---
Office WAN
~~~~~~~~~~
At the office, we have a fixed, native IPv4 address: ``84.254.96.223``.
We also have a routed IPv4 subnet, ``217.71.252.24/29``, routed over the native IP address:
+----------------------+---------------------+-------------------------------+
| IPv4 address         | Usage               | DNS PTR                       |
+======================+=====================+===============================+
| ``217.71.252.24/29`` | *n/a: network ID*                                   |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.25/29`` | Gateway             |                               |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.26/29`` | Management services | ``management.wan.confirm.ch`` |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.27/29`` | Lenovo server       |                               |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.28/29`` | EliteDesk 1         |                               |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.29/29`` | EliteDesk 2         |                               |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.30/29`` | EliteDesk 3         |                               |
+----------------------+---------------------+-------------------------------+
| ``217.71.252.31/29`` | *n/a: broadcast*                                    |
+----------------------+---------------------+-------------------------------+
Datacenter WAN
~~~~~~~~~~~~~~
At the datacenter, we have a fixed, native IPv4 address: ``195.201.104.241``.
It's assigned to the :ref:`Proxmox`.
We also have a routed IPv4 subnet, ``46.4.219.16/28``, routed over the native IP address:
+--------------------+--------------------------+--------------------------------+
| IPv4 address       | Usage                    | DNS PTR                        |
+====================+==========================+================================+
| ``46.4.219.16/28`` | *n/a: network ID*                                         |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.17/28`` | :ref:`Proxmox` (gateway) | ``proxmox.wan.confirm.ch``     |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.18/28`` | Live services            | ``live.wan.confirm.ch``        |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.19/28`` | Customer services        | ``customers.wan.confirm.ch``   |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.20/28`` | Test services            | ``test.wan.confirm.ch``        |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.21/28`` | Development services     | ``development.wan.confirm.ch`` |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.22/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.23/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.24/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.25/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.26/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.27/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.28/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.29/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.30/28`` |                          |                                |
+--------------------+--------------------------+--------------------------------+
| ``46.4.219.31/28`` | *n/a: broadcast*                                          |
+--------------------+--------------------------+--------------------------------+
Server WAN IPs
~~~~~~~~~~~~~~
The server WAN IPs are managed in :ref:`Ansible`.
.. hint::
   You can use the ``create_host_list.yml`` playbook to create a ``host_list.txt`` file containing all host IPs.
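
A generated ``host_list.txt`` can be checked against the address plan documented on this page, so that hosts on undocumented, network ID or broadcast addresses stand out. The script below is an added example, not part of our playbooks; it assumes ``host_list.txt`` holds one IP per line (the file format is not described here), and ``classify``, ``audit`` and ``SAMPLE`` are hypothetical names.

```python
import ipaddress

# Address plan transcribed from the tables on this page; most specific first.
PLAN = [(ipaddress.ip_network(n), label) for n, label in [
    ("10.16.0.0/16", "docker default bridge"),
    ("10.17.0.0/16", "docker proxy network"),
    ("10.18.0.0/16", "docker compose bridges"),
    ("10.16.0.0/12", "docker range, no documented use"),
    ("10.0.0.0/12", "physical LAN"),
    ("10.0.0.0/8", "private range, no documented use"),
    ("217.71.252.24/29", "office WAN"),
    ("46.4.219.16/28", "datacenter WAN"),
    ("84.254.96.223/32", "office WAN native address"),
    ("195.201.104.241/32", "datacenter WAN native address"),
]]
# Routed WAN addresses that have a usage in the WAN tables.
WAN_ASSIGNED = {f"217.71.252.{n}" for n in range(25, 31)} | {f"46.4.219.{n}" for n in range(17, 22)}

def classify(text):
    """Return (label, problem); problem is None when the address fits the plan."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return ("invalid", "not an IP address")
    net, label = next(((n, l) for n, l in PLAN if ip in n), (None, None))
    if net is None:
        return ("unknown", "outside every documented range")
    if "no documented use" in label:
        return (label, "inside our ranges but not in any documented subnet")
    if label.endswith(" WAN"):  # routed WAN subnets only
        if ip in (net.network_address, net.broadcast_address):
            return (label, "network ID or broadcast address")
        if str(ip) not in WAN_ASSIGNED:
            return (label, "WAN address without a documented usage")
    return (label, None)

def audit(lines):
    """Map each offending entry to its problem; blank lines and # comments are skipped."""
    entries = [l.strip() for l in lines if l.strip() and not l.lstrip().startswith("#")]
    problems = {e: classify(e)[1] for e in entries}
    return {e: p for e, p in problems.items() if p}

# Constructed sample in the assumed host_list.txt format (one IP per line).
SAMPLE = ["10.1.2.3", "10.17.0.5", "46.4.219.18", "46.4.219.22",
          "217.71.252.31", "10.40.0.9", "192.168.1.10"]

if __name__ == "__main__":
    for entry, problem in audit(SAMPLE).items():
        print(f"{entry}: {problem}")
```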